[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 92f2b8: cirrus: add blit_is_unsafe call to ci
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] 92f2b8: cirrus: add blit_is_unsafe call to cirrus_bitblt_c... |
Date: |
Fri, 24 Feb 2017 07:00:12 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 92f2b88cea48c6aeba8de568a45f2ed958f3c298
https://github.com/qemu/qemu/commit/92f2b88cea48c6aeba8de568a45f2ed958f3c298
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-24 (Fri, 24 Feb 2017)
Changed paths:
M hw/display/cirrus_vga.c
Log Message:
-----------
cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)
CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
and blit width, at all. Oops. Fix it.
Security impact: high.
The missing blit destination check allows to write to host memory.
Basically same as CVE-2014-8106 for the other blit variants.
Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 63f495beb4007de5444614125fd6fd178ca6e2b1
https://github.com/qemu/qemu/commit/63f495beb4007de5444614125fd6fd178ca6e2b1
Author: Peter Maydell <address@hidden>
Date: 2017-02-24 (Fri, 24 Feb 2017)
Changed paths:
M hw/display/cirrus_vga.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/kraxel/tags/pull-cve-2017-2620-20170224-1' into staging
cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)
# gpg: Signature made Fri 24 Feb 2017 13:42:39 GMT
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg: aka "Gerd Hoffmann <address@hidden>"
# gpg: aka "Gerd Hoffmann (private) <address@hidden>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/pull-cve-2017-2620-20170224-1:
cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/5842b55fd403...63f495beb400
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 92f2b8: cirrus: add blit_is_unsafe call to cirrus_bitblt_c...,
GitHub <=